res.forbidden()
This method is used to send a 403 ("Forbidden") response back down to the client indicating that the request is not allowed. This usually means the user-agent tried to do something it was not allowed to do, like change the password of another user.
Usage
return res.forbidden();
Or:
return res.forbidden(data);return res.forbidden(data, pathToView);
Details
Like the other built-in custom response modules, the behavior of this method is customizable.
By default, it works as follows:
- If the request "wants JSON" (e.g. the request originated from AJAX, WebSockets, or a REST client like cURL), Sails will send the provided error
dataas JSON. If nodatais provided a default response body will be sent (the string"Forbidden"). - If the request does not "want JSON" (e.g. a URL typed into a web browser), Sails will attempt to serve one of your views.
- If a specific
pathToViewwas provided, Sails will attempt to use that view. - Alternatively if
pathToViewwas not provided, Sails will serve a default error page (the view located atviews/403.ejs). If that view does not exist, Sails will just send JSON. - If Sails serves a view, the
dataargument will be accessible as a view local:data.
- If a specific
Example
Using the default view:
if ( !req.session.canEditSalesforceLeads ) {
return res.forbidden('Write access required');
}
With a custom view:
if ( !req.session.canEditSalesforceLeads ) {
return res.forbidden(
''Write access required'',
'salesforce/leads/edit'
);
}
Notes
- This method is terminal, meaning it is generally the last line of code your app should run for a given request (hence the advisory usage of
returnthroughout these docs).res.forbidden()(like other userland response methods) can be overridden or modified. It runs the response method defined in/responses/forbidden.js, which is bundled automatically in newly generated Sails apps. If aforbidden.jsresponse method does not exist in your app, Sails will implicitly use the default behavior.- If
pathToViewrefers to a missing view, this method will respond as if the request "wants JSON". +By default, the specified error (err) will be excluded if the app is running in the "production" environment (i.e.process.env.NODE_ENV === 'production').
For a better experience on sailsjs.com, update your browser.
Reference
- Application
- Blueprint API
- Command Line Interface
-
Configuration
- sails.config.*
- sails.config.blueprints
- sails.config.bootstrap()
- sails.config.connections
- sails.config.cors
- sails.config.csrf
- sails.config.globals
- sails.config.http
- sails.config.i18n
- sails.config.log
- sails.config.models
- sails.config.policies
- sails.config.routes
- sails.config.session
- sails.config.sockets
- sails.config.views
-
Request (`req`)
- req.accepted
- req.acceptedCharsets
- req.acceptedLanguages
- req.body
- req.cookies
- req.fresh
- req.headers
- req.host
- req.ip
- req.ips
- req.isSocket
- req.method
- req.options
- req.originalUrl
- req.params
- req.path
- req.protocol
- req.query
- req.secure
- req.signedCookies
- req.socket
- req.subdomains
- req.url
- req.wantsJSON
- req.xhr
- req.accepts()
- req.acceptsCharset()
- req.acceptsLanguage()
- req.allParams()
- req.file()
- req.get()
- req.is()
- req.param()
- Response (`res`)
- Waterline (ORM)
- WebSockets
Built with Love
The Sails framework is maintained by a web & mobile studio in Austin, TX, with the help of our contributors. We created Sails in 2012 to assist us on Node.js projects. Naturally we open-sourced it. We hope it makes your life a little bit easier!
© 2012-2018 The Sails Company.
The Sails framework is free and open-source under the MIT License.